Documents uncovered from the US Patent and
Trademark Office reveal that card schemes may not be telling the
whole truth when it comes to the security of contactless
technology.
It is alleged the documents show that at least
one credit card company is aware that the contactless cards
containing RFID chips are highly susceptible to ‘electronic
pickpocketing’.
Go deeper with GlobalData
According to Identity Stronghold, a company
that specialises in the manufacture of RFID shielding sleeves and
holders designed to prevent the reading of contactless smartcards,
the director of Visa’s product development has previously warned
that contactless readers may be used for “surreptitious
interrogation”.
In a 2006 patent application on Visa’s behalf,
the director said that, “unfortunately, due to the wireless nature
of the contactless portable electronic devices, it is entirely
possible that a contactless reader may be used for surreptitious
interrogation of the contactless portable electronic devices.
“In addition, it is conceivable that a
contactless reader may be developed and modified to generate a much
greater RF signal strength and sensitivity and thereby increase the
standard range.”
In another patent application the same
director also went on to say that contactless cards’ susceptibility
to electronic pickpocketing is a major concern for consumers and
businesses alike as it is “easy for wireless interrogation to occur
virtually at any time and place”.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalDataIn a wireless environment, a potential skimmer
does not have to physically possess the card or POS
equipment/connections for the data to be skimmed.
“Once the victim of the wireless interrogation
discovers that they had sensitive information stolen, it is often
too late to discover where the theft took place,” said the
director.
“Thus, the unauthorised interrogations may
continue unabated.”
The patent documents conclude that a shielding
device is required to prevent such attacks.
Identity Stronghold claims that despite this
warning from the Visa director, credit card companies have neither
warned their customers about the risks their cards pose nor
countered the risks by issuing cards with shielding sleeves.
“The problem is real. The risk is great, and
the stakes are as high as your credit limit,” said Walt
Augustinowicz, president of Identity Stronghold.
“We keep demonstrating to news cameras how
easy it is to electronically scan useable data from cardholders in
public places, and credit card companies keep denying it’s possible
to scan and use the data for payment fraud. As if putting
cardholders at risk in the first place wasn’t disrespectful
enough.”
